Data Connectors - Create Or Update

Referencia

Servicio:: Sentinel

Versión de la API:: 2024-01-01-preview

Crea o actualiza el conector de datos.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}?api-version=2024-01-01-preview

Parámetros de identificador URI

Nombre	En	Requerido	Tipo	Description
dataConnectorId	path	True	string	Identificador del conector
resourceGroupName	path	True	string	Nombre del grupo de recursos. El nombre no distingue mayúsculas de minúsculas.
subscriptionId	path	True	string	Identificador de la suscripción de destino.
workspaceName	path	True	string	Nombre del área de trabajo. Patrón de Regex: `^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$`
api-version	query	True	string	Versión de la API que se va a usar para esta operación.

Cuerpo de la solicitud

El cuerpo de la solicitud puede ser uno de los siguientes:

Nombre	Description
AADDataConnector	Representa el conector de datos AADIP (Azure Active Directory Identity Protection).
AATPDataConnector	Representa el conector de datos de AATP (Azure Advanced Threat Protection).
ASCDataConnector	Representa el conector de datos de ASC (Azure Security Center).
AwsCloudTrailDataConnector	Representa el conector de datos de Amazon Web Services CloudTrail.
AwsS3DataConnector	Representa el conector de datos de Amazon Web Services S3.
CodelessApiPollingDataConnector	Representa el conector de datos de sondeo de API sin código.
CodelessUiDataConnector	Representa el conector de datos de interfaz de usuario sin código.
Dynamics365DataConnector	Representa el conector de datos de Dynamics365.
GCPDataConnector	Representa el conector de datos de Google Cloud Platform.
IoTDataConnector	Representa el conector de datos de IoT.
MCASDataConnector	Representa el conector de datos MCAS (Microsoft Cloud App Security).
MDATPDataConnector	Representa el conector de datos MDATP (Protección contra amenazas avanzada de Microsoft Defender).
MicrosoftPurviewInformationProtectionDataConnector	Representa el conector de datos de Microsoft Purview Information Protection.
MSTIDataConnector	Representa el conector de datos de Inteligencia sobre amenazas de Microsoft.
MTPDataConnector	Representa el conector de datos MTP (Protección contra amenazas de Microsoft).
Office365ProjectDataConnector	Representa el conector de datos de Microsoft Project de Office.
OfficeATPDataConnector	Representa el conector de datos officeATP (Protección contra amenazas avanzada de Office 365).
OfficeDataConnector	Representa el conector de datos de office.
OfficeIRMDataConnector	Representa el conector de datos de OfficeIRM (Administración de riesgos internos de Microsoft).
OfficePowerBIDataConnector	Representa el conector de datos de Microsoft PowerBI de Office.
RestApiPollerDataConnector	Representa el conector de datos de rest Api Poller.
TIDataConnector	Representa el conector de datos de inteligencia sobre amenazas.
TiTaxiiDataConnector	Conector de datos para extraer datos de inteligencia sobre amenazas del servidor TAXII 2.0/2.1

AADDataConnector

Representa el conector de datos AADIP (Azure Active Directory Identity Protection).

Nombre	Requerido	Tipo	Description
kind	True	string: AzureActiveDirectory	Tipo de conector de datos
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure
properties.dataTypes		AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.

AATPDataConnector

Representa el conector de datos de AATP (Azure Advanced Threat Protection).

Nombre	Requerido	Tipo	Description
kind	True	string: AzureAdvancedThreatProtection	Tipo de conector de datos
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure
properties.dataTypes		AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.

ASCDataConnector

Representa el conector de datos de ASC (Azure Security Center).

Nombre	Requerido	Tipo	Description
kind	True	string: AzureSecurityCenter	Tipo de conector de datos
etag		string	Etag del recurso de Azure
properties.dataTypes		AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.
properties.subscriptionId		string	Identificador de suscripción al que conectarse y obtener los datos.

AwsCloudTrailDataConnector

Representa el conector de datos de Amazon Web Services CloudTrail.

Nombre	Requerido	Tipo	Description
kind	True	string: AmazonWebServicesCloudTrail	Tipo de conector de datos
properties.dataTypes	True	AwsCloudTrailDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
etag		string	Etag del recurso de Azure
properties.awsRoleArn		string	Aws Role Arn (con la directiva CloudTrailReadOnly) que se usa para acceder a la cuenta de Aws.

AwsS3DataConnector

Representa el conector de datos de Amazon Web Services S3.

Nombre	Requerido	Tipo	Description
kind	True	string: AmazonWebServicesS3	Tipo de conector de datos
properties.dataTypes	True	AwsS3DataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.destinationTable	True	string	El nombre de la tabla de destino de registros en LogAnalytics.
properties.roleArn	True	string	Aws Role Arn que se usa para acceder a la cuenta de Aws.
properties.sqsUrls	True	string[]	Direcciones URL de AWS sqs para el conector.
etag		string	Etag del recurso de Azure

CodelessApiPollingDataConnector

Representa el conector de datos de sondeo de API sin código.

Nombre	Requerido	Tipo	Description
kind	True	string: APIPolling	Tipo de conector de datos
etag		string	Etag del recurso de Azure
properties.connectorUiConfig		CodelessUiConnectorConfigProperties	Configuración para describir la hoja de instrucciones
properties.pollingConfig		CodelessConnectorPollingConfigProperties	Configuración para describir las instrucciones de sondeo

CodelessUiDataConnector

Representa el conector de datos de interfaz de usuario sin código.

Nombre	Requerido	Tipo	Description
kind	True	string: GenericUI	Tipo de conector de datos
etag		string	Etag del recurso de Azure
properties.connectorUiConfig		CodelessUiConnectorConfigProperties	Configuración para describir la hoja de instrucciones

Dynamics365DataConnector

Representa el conector de datos de Dynamics365.

Nombre	Requerido	Tipo	Description
kind	True	string: Dynamics365	Tipo de conector de datos
properties.dataTypes	True	Dynamics365DataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure

GCPDataConnector

Representa el conector de datos de Google Cloud Platform.

Nombre	Requerido	Tipo	Description
kind	True	string: GCP	Tipo de conector de datos
properties.auth	True	GCPAuthProperties	Sección de autenticación del conector.
properties.connectorDefinitionName	True	string	Nombre de la definición del conector que representa la configuración de la interfaz de usuario.
properties.request	True	GCPRequestProperties	Sección de solicitud del conector.
etag		string	Etag del recurso de Azure
properties.dcrConfig		DCRConfiguration	Configuración del destino de los datos.

IoTDataConnector

Representa el conector de datos de IoT.

Nombre	Requerido	Tipo	Description
kind	True	string: IOT	Tipo de conector de datos
etag		string	Etag del recurso de Azure
properties.dataTypes		AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.
properties.subscriptionId		string	Identificador de suscripción al que conectarse y obtener los datos.

MCASDataConnector

Representa el conector de datos MCAS (Microsoft Cloud App Security).

Nombre	Requerido	Tipo	Description
kind	True	string: MicrosoftCloudAppSecurity	Tipo de conector de datos
properties.dataTypes	True	MCASDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure

MDATPDataConnector

Representa el conector de datos MDATP (Protección contra amenazas avanzada de Microsoft Defender).

Nombre	Requerido	Tipo	Description
kind	True	string: MicrosoftDefenderAdvancedThreatProtection	Tipo de conector de datos
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure
properties.dataTypes		AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.

MicrosoftPurviewInformationProtectionDataConnector

Representa el conector de datos de Microsoft Purview Information Protection.

Nombre	Requerido	Tipo	Description
kind	True	string: MicrosoftPurviewInformationProtection	Tipo de conector de datos
properties.dataTypes	True	MicrosoftPurviewInformationProtectionConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure

MSTIDataConnector

Representa el conector de datos de Inteligencia sobre amenazas de Microsoft.

Nombre	Requerido	Tipo	Description
kind	True	string: MicrosoftThreatIntelligence	Tipo de conector de datos
properties.dataTypes	True	MSTIDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure

MTPDataConnector

Representa el conector de datos MTP (Protección contra amenazas de Microsoft).

Nombre	Requerido	Tipo	Description
kind	True	string: MicrosoftThreatProtection	Tipo de conector de datos
properties.dataTypes	True	MTPDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure
properties.filteredProviders		MtpFilteredProviders	Los proveedores filtrados disponibles para el conector.

Office365ProjectDataConnector

Representa el conector de datos de Microsoft Project de Office.

Nombre	Requerido	Tipo	Description
kind	True	string: Office365Project	Tipo de conector de datos
properties.dataTypes	True	Office365ProjectConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure

OfficeATPDataConnector

Representa el conector de datos officeATP (Protección contra amenazas avanzada de Office 365).

Nombre	Requerido	Tipo	Description
kind	True	string: OfficeATP	Tipo de conector de datos
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure
properties.dataTypes		AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.

OfficeDataConnector

Representa el conector de datos de office.

Nombre	Requerido	Tipo	Description
kind	True	string: Office365	Tipo de conector de datos
properties.dataTypes	True	OfficeDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure

OfficeIRMDataConnector

Representa el conector de datos de OfficeIRM (Administración de riesgos internos de Microsoft).

Nombre	Requerido	Tipo	Description
kind	True	string: OfficeIRM	Tipo de conector de datos
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure
properties.dataTypes		AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.

OfficePowerBIDataConnector

Representa el conector de datos de Microsoft PowerBI de Office.

Nombre	Requerido	Tipo	Description
kind	True	string: OfficePowerBI	Tipo de conector de datos
properties.dataTypes	True	OfficePowerBIConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure

RestApiPollerDataConnector

Representa el conector de datos de rest Api Poller.

Nombre	Requerido	Tipo	Description
kind	True	string: RestApiPoller	Tipo de conector de datos
properties.auth	True	CcpAuthConfig: ApiKeyAuthModel AWSAuthModel BasicAuthModel GCPAuthModel GenericBlobSbsAuthModel GitHubAuthModel NoneAuthModel JwtAuthModel OAuthModel OracleAuthModel SessionAuthModel	Modelo de autenticación.
properties.connectorDefinitionName	True	string	El nombre de la definición del conector (el identificador de recurso dataConnectorDefinition).
properties.request	True	RestApiPollerRequestConfig	Configuración de la solicitud.
etag		string	Etag del recurso de Azure
properties.addOnAttributes		object	El complemento de atributos. El nombre de clave se convertirá en nombre de atributo (una columna) y el valor se convertirá en el valor de atributo de la carga.
properties.dataType		string	Destino de la tabla de Log Analytics.
properties.dcrConfig		DCRConfiguration	Propiedades relacionadas con DCR.
properties.isActive		boolean	Indica si el conector está activo o no.
properties.paging		RestApiPollerRequestPagingConfig	Configuración de paginación.
properties.response		CcpResponseConfig	Configuración de respuesta.

TIDataConnector

Representa el conector de datos de inteligencia sobre amenazas.

Nombre	Requerido	Tipo	Description
kind	True	string: ThreatIntelligence	Tipo de conector de datos
properties.dataTypes	True	TIDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure
properties.tipLookbackPeriod		string	Período de búsqueda para la fuente que se va a importar.

TiTaxiiDataConnector

Conector de datos para extraer datos de inteligencia sobre amenazas del servidor TAXII 2.0/2.1

Nombre	Requerido	Tipo	Description
kind	True	string: ThreatIntelligenceTaxii	Tipo de conector de datos
properties.dataTypes	True	TiTaxiiDataConnectorDataTypes	Los tipos de datos disponibles para el conector de datos TAXII de Inteligencia sobre amenazas.
properties.pollingFrequency	True	PollingFrequency	Frecuencia de sondeo del servidor TAXII.
properties.tenantId	True	string	Identificador de inquilino al que conectarse y obtener los datos.
etag		string	Etag del recurso de Azure
properties.collectionId		string	Identificador de colección del servidor TAXII.
properties.friendlyName		string	Nombre descriptivo del servidor TAXII.
properties.password		string	Contraseña del servidor TAXII.
properties.taxiiLookbackPeriod		string	Período de búsqueda para el servidor TAXII.
properties.taxiiServer		string	Raíz de la API para el servidor TAXII.
properties.userName		string	UserName para el servidor TAXII.
properties.workspaceId		string	Identificador del área de trabajo.

Respuestas

Nombre	Tipo	Description
200 OK	DataConnector: AADDataConnector MSTIDataConnector MTPDataConnector AATPDataConnector ASCDataConnector AwsCloudTrailDataConnector AwsS3DataConnector RestApiPollerDataConnector GCPDataConnector MCASDataConnector Dynamics365DataConnector OfficeATPDataConnector MicrosoftPurviewInformationProtectionDataConnector Office365ProjectDataConnector OfficePowerBIDataConnector OfficeIRMDataConnector MDATPDataConnector OfficeDataConnector TIDataConnector TiTaxiiDataConnector IoTDataConnector CodelessUiDataConnector CodelessApiPollingDataConnector	Correcto, operación completada correctamente
201 Created	DataConnector: AADDataConnector MSTIDataConnector MTPDataConnector AATPDataConnector ASCDataConnector AwsCloudTrailDataConnector AwsS3DataConnector RestApiPollerDataConnector GCPDataConnector MCASDataConnector Dynamics365DataConnector OfficeATPDataConnector MicrosoftPurviewInformationProtectionDataConnector Office365ProjectDataConnector OfficePowerBIDataConnector OfficeIRMDataConnector MDATPDataConnector OfficeDataConnector TIDataConnector TiTaxiiDataConnector IoTDataConnector CodelessUiDataConnector CodelessApiPollingDataConnector	Creado
Other Status Codes	CloudError	Respuesta de error que describe por qué se produjo un error en la operación.

Seguridad

azure_auth

Flujo de OAuth2 de Azure Active Directory

Tipo: oauth2
Flujo: implicit
Dirección URL de autorización: https://login.microsoftonline.com/common/oauth2/authorize

Ámbitos

Nombre	Description
user_impersonation	suplantar la cuenta de usuario

Ejemplos

Creates or updates a APIPolling data connector

Creates or updates a Dynamics365 data connector.

Creates or updates a GCP data connector

Creates or updates a GenericUI data connector

Creates or updates a Microsoft Threat Intelligence data connector.

Creates or updates a MicrosoftThreatProtection data connector

Creates or updates a Threat Intelligence Taxii data connector.

Creates or updates an MicrosoftPurviewInformationProtection data connector

Creates or updates an Office PowerBI data connector

Creates or updates an Office365 data connector

Creates or updates an Office365 Project data connector

Creates or updates an Threat Intelligence Platform data connector

Creates or updates a APIPolling data connector

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8?api-version=2024-01-01-preview

{
  "kind": "APIPolling",
  "properties": {
    "connectorUiConfig": {
      "title": "GitHub Enterprise Audit Log",
      "publisher": "GitHub",
      "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.",
      "graphQueriesTableName": "GitHubAuditLogPolling_CL",
      "graphQueries": [
        {
          "metricName": "Total events received",
          "legend": "GitHub audit log events",
          "baseQuery": "{{graphQueriesTableName}}"
        }
      ],
      "sampleQueries": [
        {
          "description": "All logs",
          "query": "{{graphQueriesTableName}}\n | take 10 <change>"
        }
      ],
      "dataTypes": [
        {
          "name": "{{graphQueriesTableName}}",
          "lastDataReceivedQuery": "{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
        }
      ],
      "connectivityCriteria": [
        {
          "type": "SentinelKindsV2",
          "value": []
        }
      ],
      "availability": {
        "status": 1,
        "isPreview": true
      },
      "permissions": {
        "resourceProvider": [
          {
            "provider": "Microsoft.OperationalInsights/workspaces",
            "permissionsDisplayText": "read and write permissions are required.",
            "providerDisplayName": "Workspace",
            "scope": "Workspace",
            "requiredPermissions": {
              "write": true,
              "read": true,
              "delete": true
            }
          }
        ],
        "customs": [
          {
            "name": "GitHub API personal token Key",
            "description": "You need access to GitHub personal token, the key should have 'admin:org' scope"
          }
        ]
      },
      "instructionSteps": [
        {
          "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel",
          "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key",
          "instructions": [
            {
              "parameters": {
                "enable": "true",
                "userRequestPlaceHoldersInput": [
                  {
                    "displayText": "Organization Name",
                    "requestObjectKey": "apiEndpoint",
                    "placeHolderName": "{{placeHolder1}}",
                    "placeHolderValue": ""
                  }
                ]
              },
              "type": "APIKey"
            }
          ]
        }
      ]
    },
    "pollingConfig": {
      "auth": {
        "authType": "APIKey",
        "apiKeyIdentifier": "token",
        "apiKeyName": "Authorization"
      },
      "request": {
        "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log",
        "rateLimitQps": 50,
        "queryWindowInMin": 15,
        "httpMethod": "Get",
        "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
        "retryCount": 2,
        "timeoutInSeconds": 60,
        "headers": {
          "Accept": "application/json",
          "User-Agent": "Scuba"
        },
        "queryParameters": {
          "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}"
        }
      },
      "paging": {
        "pagingType": "LinkHeader",
        "pageSizeParaName": "per_page"
      },
      "response": {
        "eventsJsonPaths": [
          "$"
        ]
      }
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateAPIPolling.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "316ec55e-7138-4d63-ab18-90c8a60fd1c8";
SecurityInsightsDataConnectorData data = new CodelessApiPollingDataConnector()
{
    ConnectorUiConfig = new CodelessUiConnectorConfigProperties("GitHub Enterprise Audit Log", "GitHub", "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", "GitHubAuditLogPolling_CL", new ConnectorGraphQueries[]
{
new ConnectorGraphQueries()
{
MetricName = "Total events received",
Legend = "GitHub audit log events",
BaseQuery = "{{graphQueriesTableName}}",
}
}, new SourceControlSampleQueries[]
{
new SourceControlSampleQueries()
{
Description = "All logs",
Query = "{{graphQueriesTableName}}\n | take 10 <change>",
}
}, new LastDataReceivedDataType[]
{
new LastDataReceivedDataType()
{
Name = "{{graphQueriesTableName}}",
LastDataReceivedQuery = "{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)",
}
}, new ConnectorConnectivityCriteria[]
{
new ConnectorConnectivityCriteria()
{
ConnectivityType = new ConnectorConnectivityType("SentinelKindsV2"),
Value =
{
},
}
}, new ConnectorAvailability()
{
    Status = ConnectorAvailabilityStatus._1,
    IsPreview = true,
}, new ConnectorPermissions()
{
    ResourceProvider =
{
new ConnectorResourceProvider()
{
Provider = ConnectorProviderName.MicrosoftOperationalInsightsWorkspaces,
PermissionsDisplayText = "read and write permissions are required.",
ProviderDisplayName = "Workspace",
Scope = PermissionProviderScope.Workspace,
RequiredPermissions = new ConnectorRequiredPermissions()
{
IsWriteAction = true,
IsReadAction = true,
IsDeleteAction = true,
},
}
},
    Customs =
{
new ConnectorCustoms()
{
Name = "GitHub API personal token Key",
Description = "You need access to GitHub personal token, the key should have 'admin:org' scope",
}
},
}, new InstructionSteps[]
{
new InstructionSteps()
{
Title = "Connect GitHub Enterprise Audit Log to Azure Sentinel",
Description = "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key",
Instructions =
{
new ConnectorInstructionModelBase(new ConnectorSettingType("APIKey"))
{
Parameters = BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["enable"] = "true",
["userRequestPlaceHoldersInput"] = new object[] { new Dictionary<string, object>()
{
["displayText"] = "Organization Name",
["placeHolderName"] = "{{placeHolder1}}",
["placeHolderValue"] = "",
["requestObjectKey"] = "apiEndpoint"} }}),
}
},
}
}),
    PollingConfig = new CodelessConnectorPollingConfigProperties(new CodelessConnectorPollingAuthProperties("APIKey")
    {
        ApiKeyName = "Authorization",
        ApiKeyIdentifier = "token",
    }, new CodelessConnectorPollingRequestProperties("https://api.github.com/organizations/{{placeHolder1}}/audit-log", 15, "Get", "yyyy-MM-ddTHH:mm:ssZ")
    {
        RateLimitQps = 50,
        RetryCount = 2,
        TimeoutInSeconds = 60,
        Headers = BinaryData.FromObjectAsJson(new Dictionary<string, object>()
        {
            ["Accept"] = "application/json",
            ["User-Agent"] = "Scuba"
        }),
        QueryParameters = BinaryData.FromObjectAsJson(new Dictionary<string, object>()
        {
            ["phrase"] = "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}"
        }),
    })
    {
        Paging = new CodelessConnectorPollingPagingProperties("LinkHeader")
        {
            PageSizeParaName = "per_page",
        },
        Response = new CodelessConnectorPollingResponseProperties(new string[]
{
"$"
}),
    },
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8",
  "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8",
  "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "APIPolling",
  "properties": {
    "connectorUiConfig": {
      "title": "GitHub Enterprise Audit Log",
      "publisher": "GitHub",
      "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.",
      "graphQueriesTableName": "GitHubAuditLogPolling_CL",
      "graphQueries": [
        {
          "metricName": "Total events received",
          "legend": "GitHub audit log events",
          "baseQuery": "{{graphQueriesTableName}}"
        }
      ],
      "sampleQueries": [
        {
          "description": "All logs",
          "query": "{{graphQueriesTableName}}\n | take 10 <change>"
        }
      ],
      "dataTypes": [
        {
          "name": "{{graphQueriesTableName}}",
          "lastDataReceivedQuery": "{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
        }
      ],
      "connectivityCriteria": [
        {
          "type": "SentinelKindsV2",
          "value": []
        }
      ],
      "availability": {
        "status": 1,
        "isPreview": true
      },
      "permissions": {
        "resourceProvider": [
          {
            "provider": "Microsoft.OperationalInsights/workspaces",
            "permissionsDisplayText": "read and write permissions are required.",
            "providerDisplayName": "Workspace",
            "scope": "Workspace",
            "requiredPermissions": {
              "write": true,
              "read": true,
              "delete": true
            }
          }
        ],
        "customs": [
          {
            "name": "GitHub API personal token Key",
            "description": "You need access to GitHub personal token, the key should have 'admin:org' scope"
          }
        ]
      },
      "instructionSteps": [
        {
          "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel",
          "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key",
          "instructions": [
            {
              "parameters": {
                "enable": "true",
                "userRequestPlaceHoldersInput": [
                  {
                    "displayText": "Organization Name",
                    "requestObjectKey": "apiEndpoint",
                    "placeHolderName": "{{placeHolder1}}",
                    "placeHolderValue": ""
                  }
                ]
              },
              "type": "APIKey"
            }
          ]
        }
      ]
    },
    "pollingConfig": {
      "auth": {
        "authType": "APIKey",
        "apiKeyIdentifier": "token",
        "apiKeyName": "Authorization"
      },
      "request": {
        "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log",
        "rateLimitQps": 50,
        "queryWindowInMin": 15,
        "httpMethod": "Get",
        "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
        "retryCount": 2,
        "timeoutInSeconds": 60,
        "headers": {
          "Accept": "application/json",
          "User-Agent": "Scuba"
        },
        "queryParameters": {
          "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}"
        }
      },
      "paging": {
        "pagingType": "LinkHeader",
        "pageSizeParaName": "per_page"
      },
      "response": {
        "eventsJsonPaths": [
          "$"
        ]
      }
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8",
  "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8",
  "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "APIPolling",
  "properties": {
    "connectorUiConfig": {
      "title": "GitHub Enterprise Audit Log",
      "publisher": "GitHub",
      "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.",
      "graphQueriesTableName": "GitHubAuditLogPolling_CL",
      "graphQueries": [
        {
          "metricName": "Total events received",
          "legend": "GitHub audit log events",
          "baseQuery": "{{graphQueriesTableName}}"
        }
      ],
      "sampleQueries": [
        {
          "description": "All logs",
          "query": "{{graphQueriesTableName}}\n | take 10 <change>"
        }
      ],
      "dataTypes": [
        {
          "name": "{{graphQueriesTableName}}",
          "lastDataReceivedQuery": "{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
        }
      ],
      "connectivityCriteria": [
        {
          "type": "SentinelKindsV2",
          "value": []
        }
      ],
      "availability": {
        "status": 1,
        "isPreview": true
      },
      "permissions": {
        "resourceProvider": [
          {
            "provider": "Microsoft.OperationalInsights/workspaces",
            "permissionsDisplayText": "read and write permissions are required.",
            "providerDisplayName": "Workspace",
            "scope": "Workspace",
            "requiredPermissions": {
              "write": true,
              "read": true,
              "delete": true
            }
          }
        ],
        "customs": [
          {
            "name": "GitHub API personal token Key",
            "description": "You need access to GitHub personal token, the key should have 'admin:org' scope"
          }
        ]
      },
      "instructionSteps": [
        {
          "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel",
          "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key",
          "instructions": [
            {
              "parameters": {
                "enable": "true",
                "userRequestPlaceHoldersInput": [
                  {
                    "displayText": "Organization Name",
                    "requestObjectKey": "apiEndpoint",
                    "placeHolderName": "{{placeHolder1}}",
                    "placeHolderValue": ""
                  }
                ]
              },
              "type": "APIKey"
            }
          ]
        }
      ]
    },
    "pollingConfig": {
      "auth": {
        "authType": "APIKey",
        "apiKeyIdentifier": "token",
        "apiKeyName": "Authorization"
      },
      "request": {
        "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log",
        "rateLimitQps": 50,
        "queryWindowInMin": 15,
        "httpMethod": "Get",
        "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
        "retryCount": 2,
        "timeoutInSeconds": 60,
        "headers": {
          "Accept": "application/json",
          "User-Agent": "Scuba"
        },
        "queryParameters": {
          "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}"
        }
      },
      "paging": {
        "pagingType": "LinkHeader",
        "pageSizeParaName": "per_page"
      },
      "response": {
        "eventsJsonPaths": [
          "$"
        ]
      }
    }
  }
}

Creates or updates a Dynamics365 data connector.

Solicitud de ejemplo

HTTP
dotnet

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c2541efb-c9a6-47fe-9501-87d1017d1512?api-version=2024-01-01-preview

{
  "kind": "Dynamics365",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "dynamics365CdsActivities": {
        "state": "Enabled"
      }
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "c2541efb-c9a6-47fe-9501-87d1017d1512";
SecurityInsightsDataConnectorData data = new Dynamics365DataConnector()
{
    TenantId = Guid.Parse("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
    Dynamics365CdsActivitiesState = SecurityInsightsDataTypeConnectionState.Enabled,
    ETag = new ETag("\"0300bf09-0000-0000-0000-5c37296e0000\""),
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "c2541efb-c9a6-47fe-9501-87d1017d1512",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "Dynamics365",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "dynamics365CdsActivities": {
        "state": "Enabled"
      }
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "c2541efb-c9a6-47fe-9501-87d1017d1512",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "Dynamics365",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "dynamics365CdsActivities": {
        "state": "Enabled"
      }
    }
  }
}

Creates or updates a GCP data connector

Solicitud de ejemplo

HTTP
dotnet

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1?api-version=2024-01-01-preview

{
  "kind": "GCP",
  "properties": {
    "connectorDefinitionName": "GcpConnector",
    "auth": {
      "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com",
      "projectNumber": "123456789012",
      "workloadIdentityProviderId": "sentinel-identity-provider",
      "type": "GCP"
    },
    "request": {
      "projectId": "project-id",
      "subscriptionNames": [
        "sentinel-subscription"
      ]
    },
    "dcrConfig": {
      "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com",
      "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023",
      "streamName": "SENTINEL_GCP_AUDIT_LOGS"
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1";
SecurityInsightsDataConnectorData data = new GcpDataConnector()
{
    ConnectorDefinitionName = "GcpConnector",
    Auth = new GcpAuthProperties("sentinel-service-account@project-id.iam.gserviceaccount.com", "123456789012", "sentinel-identity-provider"),
    Request = new GcpRequestProperties("project-id", new string[]
{
"sentinel-subscription"
}),
    DcrConfig = new DcrConfiguration("https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", "dcr-de21b053bd5a44beb99a256c9db85023", "SENTINEL_GCP_AUDIT_LOGS"),
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48",
  "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "kind": "GCP",
  "properties": {
    "connectorDefinitionName": "GcpConnector",
    "auth": {
      "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com",
      "projectNumber": "123456789012",
      "workloadIdentityProviderId": "sentinel-identity-provider",
      "type": "GCP"
    },
    "request": {
      "projectId": "project-id",
      "subscriptionNames": [
        "sentinel-subscription"
      ]
    },
    "dcrConfig": {
      "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com",
      "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023",
      "streamName": "SENTINEL_GCP_AUDIT_LOGS"
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48",
  "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "kind": "GCP",
  "properties": {
    "connectorDefinitionName": "GcpConnector",
    "auth": {
      "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com",
      "projectNumber": "123456789012",
      "workloadIdentityProviderId": "sentinel-identity-provider",
      "type": "GCP"
    },
    "request": {
      "projectId": "project-id",
      "subscriptionNames": [
        "sentinel-subscription"
      ]
    },
    "dcrConfig": {
      "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com",
      "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023",
      "streamName": "SENTINEL_GCP_AUDIT_LOGS"
    }
  }
}

Creates or updates a GenericUI data connector

Solicitud de ejemplo

HTTP
dotnet

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8?api-version=2024-01-01-preview

{
  "kind": "GenericUI",
  "properties": {
    "connectorUiConfig": {
      "title": "Qualys Vulnerability Management (CCP DEMO)",
      "publisher": "Qualys",
      "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ",
      "graphQueriesTableName": "QualysHostDetection_CL",
      "graphQueries": [
        {
          "metricName": "Total data received",
          "legend": "{{graphQueriesTableName}}",
          "baseQuery": "{{graphQueriesTableName}}"
        }
      ],
      "sampleQueries": [
        {
          "description": "Top 10 Vulerabilities detected",
          "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_"
        }
      ],
      "dataTypes": [
        {
          "name": "{{graphQueriesTableName}}",
          "lastDataReceivedQuery": "{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
        }
      ],
      "availability": {
        "status": 1,
        "isPreview": true
      },
      "connectivityCriteria": [
        {
          "type": "IsConnectedQuery",
          "value": [
            "{{graphQueriesTableName}}\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(30d)"
          ]
        }
      ],
      "permissions": {
        "resourceProvider": [
          {
            "provider": "Microsoft.OperationalInsights/workspaces",
            "permissionsDisplayText": "read and write permissions on the workspace are required.",
            "providerDisplayName": "Workspace",
            "scope": "Workspace",
            "requiredPermissions": {
              "write": true,
              "read": true,
              "delete": true
            }
          },
          {
            "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
            "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
            "providerDisplayName": "Keys",
            "scope": "Workspace",
            "requiredPermissions": {
              "action": true
            }
          }
        ],
        "customs": [
          {
            "name": "Microsoft.Web/sites permissions",
            "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."
          },
          {
            "name": "Qualys API Key",
            "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)."
          }
        ]
      },
      "instructionSteps": [
        {
          "title": "",
          "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."
        },
        {
          "title": "",
          "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."
        },
        {
          "title": "",
          "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes."
        },
        {
          "title": "",
          "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.",
          "instructions": [
            {
              "parameters": {
                "fillWith": [
                  "WorkspaceId"
                ],
                "label": "Workspace ID"
              },
              "type": "CopyableLabel"
            },
            {
              "parameters": {
                "fillWith": [
                  "PrimaryKey"
                ],
                "label": "Primary Key"
              },
              "type": "CopyableLabel"
            }
          ]
        },
        {
          "title": "Option 1 - Azure Resource Manager (ARM) Template",
          "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy."
        },
        {
          "title": "Option 2 - Manual Deployment of Azure Functions",
          "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions."
        },
        {
          "title": "",
          "description": "**1. Create a Function App**\n\n1.  From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**."
        },
        {
          "title": "",
          "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**."
        },
        {
          "title": "",
          "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https://<API Server>/api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."
        },
        {
          "title": "",
          "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)"
        }
      ]
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateGenericUI.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "316ec55e-7138-4d63-ab18-90c8a60fd1c8";
SecurityInsightsDataConnectorData data = new CodelessUiDataConnector()
{
    ConnectorUiConfig = new CodelessUiConnectorConfigProperties("Qualys Vulnerability Management (CCP DEMO)", "Qualys", "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", "QualysHostDetection_CL", new ConnectorGraphQueries[]
{
new ConnectorGraphQueries()
{
MetricName = "Total data received",
Legend = "{{graphQueriesTableName}}",
BaseQuery = "{{graphQueriesTableName}}",
}
}, new SourceControlSampleQueries[]
{
new SourceControlSampleQueries()
{
Description = "Top 10 Vulerabilities detected",
Query = "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_",
}
}, new LastDataReceivedDataType[]
{
new LastDataReceivedDataType()
{
Name = "{{graphQueriesTableName}}",
LastDataReceivedQuery = "{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)",
}
}, new ConnectorConnectivityCriteria[]
{
new ConnectorConnectivityCriteria()
{
ConnectivityType = ConnectorConnectivityType.IsConnectedQuery,
Value =
{
"{{graphQueriesTableName}}\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(30d)"
},
}
}, new ConnectorAvailability()
{
    Status = ConnectorAvailabilityStatus._1,
    IsPreview = true,
}, new ConnectorPermissions()
{
    ResourceProvider =
{
new ConnectorResourceProvider()
{
Provider = ConnectorProviderName.MicrosoftOperationalInsightsWorkspaces,
PermissionsDisplayText = "read and write permissions on the workspace are required.",
ProviderDisplayName = "Workspace",
Scope = PermissionProviderScope.Workspace,
RequiredPermissions = new ConnectorRequiredPermissions()
{
IsWriteAction = true,
IsReadAction = true,
IsDeleteAction = true,
},
},new ConnectorResourceProvider()
{
Provider = ConnectorProviderName.MicrosoftOperationalInsightsWorkspacesSharedKeys,
PermissionsDisplayText = "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
ProviderDisplayName = "Keys",
Scope = PermissionProviderScope.Workspace,
RequiredPermissions = new ConnectorRequiredPermissions()
{
IsCustomAction = true,
},
}
},
    Customs =
{
new ConnectorCustoms()
{
Name = "Microsoft.Web/sites permissions",
Description = "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/).",
},new ConnectorCustoms()
{
Name = "Qualys API Key",
Description = "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf).",
}
},
}, new InstructionSteps[]
{
new InstructionSteps()
{
Title = "",
Description = ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.",
},new InstructionSteps()
{
Title = "",
Description = ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.",
},new InstructionSteps()
{
Title = "",
Description = "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.",
},new InstructionSteps()
{
Title = "",
Description = "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.",
Instructions =
{
new ConnectorInstructionModelBase(ConnectorSettingType.CopyableLabel)
{
Parameters = BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["fillWith"] = new object[] { "WorkspaceId" },
["label"] = "Workspace ID"}),
},new ConnectorInstructionModelBase(ConnectorSettingType.CopyableLabel)
{
Parameters = BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["fillWith"] = new object[] { "PrimaryKey" },
["label"] = "Primary Key"}),
}
},
},new InstructionSteps()
{
Title = "Option 1 - Azure Resource Manager (ARM) Template",
Description = "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.",
},new InstructionSteps()
{
Title = "Option 2 - Manual Deployment of Azure Functions",
Description = "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.",
},new InstructionSteps()
{
Title = "",
Description = "**1. Create a Function App**\n\n1.  From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.",
},new InstructionSteps()
{
Title = "",
Description = "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.",
},new InstructionSteps()
{
Title = "",
Description = "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https://<API Server>/api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.",
},new InstructionSteps()
{
Title = "",
Description = "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)",
}
}),
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8",
  "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8",
  "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "GenericUI",
  "properties": {
    "connectorUiConfig": {
      "title": "Qualys Vulnerability Management (CCP DEMO)",
      "publisher": "Qualys",
      "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ",
      "graphQueriesTableName": "QualysHostDetection_CL",
      "graphQueries": [
        {
          "metricName": "Total data received",
          "legend": "{{graphQueriesTableName}}",
          "baseQuery": "{{graphQueriesTableName}}"
        }
      ],
      "sampleQueries": [
        {
          "description": "Top 10 Vulerabilities detected",
          "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_"
        }
      ],
      "dataTypes": [
        {
          "name": "{{graphQueriesTableName}}",
          "lastDataReceivedQuery": "{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
        }
      ],
      "connectivityCriteria": [
        {
          "type": "IsConnectedQuery",
          "value": [
            "{{graphQueriesTableName}}\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(30d)"
          ]
        }
      ],
      "availability": {
        "status": 1,
        "isPreview": true
      },
      "permissions": {
        "resourceProvider": [
          {
            "provider": "Microsoft.OperationalInsights/workspaces",
            "permissionsDisplayText": "read and write permissions on the workspace are required.",
            "providerDisplayName": "Workspace",
            "scope": "Workspace",
            "requiredPermissions": {
              "write": true,
              "read": true,
              "delete": true
            }
          },
          {
            "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
            "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
            "providerDisplayName": "Keys",
            "scope": "Workspace",
            "requiredPermissions": {
              "action": true
            }
          }
        ],
        "customs": [
          {
            "name": "Microsoft.Web/sites permissions",
            "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."
          },
          {
            "name": "Qualys API Key",
            "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)."
          }
        ]
      },
      "instructionSteps": [
        {
          "title": "",
          "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."
        },
        {
          "title": "",
          "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."
        },
        {
          "title": "",
          "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes."
        },
        {
          "title": "",
          "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.",
          "instructions": [
            {
              "parameters": {
                "fillWith": [
                  "WorkspaceId"
                ],
                "label": "Workspace ID"
              },
              "type": "CopyableLabel"
            },
            {
              "parameters": {
                "fillWith": [
                  "PrimaryKey"
                ],
                "label": "Primary Key"
              },
              "type": "CopyableLabel"
            }
          ]
        },
        {
          "title": "Option 1 - Azure Resource Manager (ARM) Template",
          "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy."
        },
        {
          "title": "Option 2 - Manual Deployment of Azure Functions",
          "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions."
        },
        {
          "title": "",
          "description": "**1. Create a Function App**\n\n1.  From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**."
        },
        {
          "title": "",
          "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**."
        },
        {
          "title": "",
          "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https://<API Server>/api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."
        },
        {
          "title": "",
          "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)"
        }
      ]
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8",
  "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8",
  "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "GenericUI",
  "properties": {
    "connectorUiConfig": {
      "title": "Qualys Vulnerability Management (CCP DEMO)",
      "publisher": "Qualys",
      "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ",
      "graphQueriesTableName": "QualysHostDetection_CL",
      "graphQueries": [
        {
          "metricName": "Total data received",
          "legend": "{{graphQueriesTableName}}",
          "baseQuery": "{{graphQueriesTableName}}"
        }
      ],
      "sampleQueries": [
        {
          "description": "Top 10 Vulerabilities detected",
          "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_"
        }
      ],
      "dataTypes": [
        {
          "name": "{{graphQueriesTableName}}",
          "lastDataReceivedQuery": "{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
        }
      ],
      "connectivityCriteria": [
        {
          "type": "IsConnectedQuery",
          "value": [
            "{{graphQueriesTableName}}\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(30d)"
          ]
        }
      ],
      "availability": {
        "status": 1,
        "isPreview": true
      },
      "permissions": {
        "resourceProvider": [
          {
            "provider": "Microsoft.OperationalInsights/workspaces",
            "permissionsDisplayText": "read and write permissions on the workspace are required.",
            "providerDisplayName": "Workspace",
            "scope": "Workspace",
            "requiredPermissions": {
              "write": true,
              "read": true,
              "delete": true
            }
          },
          {
            "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
            "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
            "providerDisplayName": "Keys",
            "scope": "Workspace",
            "requiredPermissions": {
              "action": true
            }
          }
        ],
        "customs": [
          {
            "name": "Microsoft.Web/sites permissions",
            "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."
          },
          {
            "name": "Qualys API Key",
            "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)."
          }
        ]
      },
      "instructionSteps": [
        {
          "title": "",
          "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."
        },
        {
          "title": "",
          "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."
        },
        {
          "title": "",
          "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes."
        },
        {
          "title": "",
          "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.",
          "instructions": [
            {
              "parameters": {
                "fillWith": [
                  "WorkspaceId"
                ],
                "label": "Workspace ID"
              },
              "type": "CopyableLabel"
            },
            {
              "parameters": {
                "fillWith": [
                  "PrimaryKey"
                ],
                "label": "Primary Key"
              },
              "type": "CopyableLabel"
            }
          ]
        },
        {
          "title": "Option 1 - Azure Resource Manager (ARM) Template",
          "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy."
        },
        {
          "title": "Option 2 - Manual Deployment of Azure Functions",
          "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions."
        },
        {
          "title": "",
          "description": "**1. Create a Function App**\n\n1.  From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**."
        },
        {
          "title": "",
          "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**."
        },
        {
          "title": "",
          "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https://<API Server>/api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."
        },
        {
          "title": "",
          "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)"
        }
      ]
    }
  }
}

Creates or updates a Microsoft Threat Intelligence data connector.

Solicitud de ejemplo

HTTP
dotnet

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04?api-version=2024-01-01-preview

{
  "kind": "MicrosoftThreatIntelligence",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "dataTypes": {
      "microsoftEmergingThreatFeed": {
        "state": "Enabled",
        "lookbackPeriod": "1970-01-01T00:00:00.000Z"
      }
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "c345bf40-8509-4ed2-b947-50cb773aaf04";
SecurityInsightsDataConnectorData data = new MstiDataConnector()
{
    TenantId = Guid.Parse("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
    MicrosoftEmergingThreatFeedState = SecurityInsightsDataTypeConnectionState.Enabled,
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
  "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0",
  "kind": "MicrosoftThreatIntelligence",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "dataTypes": {
      "microsoftEmergingThreatFeed": {
        "state": "Enabled",
        "lookbackPeriod": "01/01/1970 00:00:00"
      }
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
  "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0",
  "kind": "MicrosoftThreatIntelligence",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "dataTypes": {
      "microsoftEmergingThreatFeed": {
        "state": "Enabled",
        "lookbackPeriod": "01/01/1970 00:00:00"
      }
    }
  }
}

Creates or updates a MicrosoftThreatProtection data connector

Solicitud de ejemplo

HTTP
dotnet

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5?api-version=2024-01-01-preview

{
  "kind": "MicrosoftThreatProtection",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "178265c4-3136-4ff6-8ed1-b5b62b4cb5f5",
    "dataTypes": {
      "incidents": {
        "state": "Disabled"
      },
      "alerts": {
        "state": "Enabled"
      }
    },
    "filteredProviders": {
      "alerts": [
        "microsoftDefenderForCloudApps"
      ]
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5";
SecurityInsightsDataConnectorData data = new MtpDataConnector()
{
    TenantId = Guid.Parse("178265c4-3136-4ff6-8ed1-b5b62b4cb5f5"),
    FilteredProvidersAlerts =
    {
    MtpProvider.MicrosoftDefenderForCloudApps
    },
    IncidentsState = SecurityInsightsDataTypeConnectionState.Disabled,
    AlertsState = SecurityInsightsDataTypeConnectionState.Enabled,
    ETag = new ETag("\"0300bf09-0000-0000-0000-5c37296e0000\""),
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3",
  "name": "595c870a-5b74-4a23-984c-9ddba29cefe3",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "MicrosoftThreatProtection",
  "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "incidents": {
        "state": "Disabled55"
      },
      "alerts": {
        "state": "Enabled"
      }
    },
    "filteredProviders": {
      "alerts": [
        "microsoftDefenderForCloudApps"
      ]
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3",
  "name": "595c870a-5b74-4a23-984c-9ddba29cefe3",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "MicrosoftThreatProtection",
  "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "incidents": {
        "state": "Disabled"
      },
      "alerts": {
        "state": "Enabled"
      }
    },
    "filteredProviders": {
      "alerts": [
        "microsoftDefenderForCloudApps"
      ]
    }
  }
}

Creates or updates a Threat Intelligence Taxii data connector.

Solicitud de ejemplo

HTTP
dotnet

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5?api-version=2024-01-01-preview

{
  "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0",
  "kind": "ThreatIntelligenceTaxii",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds",
    "collectionId": "135",
    "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4",
    "friendlyName": "testTaxii",
    "userName": "--",
    "password": "--",
    "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z",
    "pollingFrequency": "OnceADay",
    "dataTypes": {
      "taxiiClient": {
        "state": "Enabled"
      }
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5";
SecurityInsightsDataConnectorData data = new ThreatIntelligenceTaxiiDataConnector()
{
    TenantId = Guid.Parse("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
    WorkspaceId = "dd124572-4962-4495-9bd2-9dade12314b4",
    FriendlyName = "testTaxii",
    TaxiiServer = "https://limo.anomali.com/api/v1/taxii2/feeds",
    CollectionId = "135",
    UserName = "--",
    Password = "--",
    TaxiiLookbackPeriod = DateTimeOffset.Parse("2020-01-01T13:00:30.123Z"),
    PollingFrequency = PollingFrequency.OnceADay,
    TaxiiClientState = SecurityInsightsDataTypeConnectionState.Enabled,
    ETag = new ETag("d12423f6-a60b-4ca5-88c0-feb1a182d0f0"),
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0",
  "kind": "ThreatIntelligenceTaxii",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds",
    "collectionId": "135",
    "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871",
    "friendlyName": "testTaxii",
    "userName": null,
    "password": null,
    "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z",
    "pollingFrequency": "OnceADay",
    "dataTypes": {
      "taxiiClient": {
        "state": "Enabled"
      }
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0",
  "kind": "ThreatIntelligenceTaxii",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds",
    "collectionId": "135",
    "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871",
    "friendlyName": "testTaxii",
    "userName": null,
    "password": null,
    "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z",
    "pollingFrequency": "OnceADay",
    "dataTypes": {
      "taxiiClient": {
        "state": "Enabled"
      }
    }
  }
}

Creates or updates an MicrosoftPurviewInformationProtection data connector

Solicitud de ejemplo

HTTP
dotnet

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5?api-version=2024-01-01-preview

{
  "kind": "MicrosoftPurviewInformationProtection",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "logs": {
        "state": "Enabled"
      }
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5";
SecurityInsightsDataConnectorData data = new MicrosoftPurviewInformationProtectionDataConnector()
{
    TenantId = Guid.Parse("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
    LogsState = SecurityInsightsDataTypeConnectionState.Enabled,
    ETag = new ETag("\"0300bf09-0000-0000-0000-5c37296e0000\""),
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "MicrosoftPurviewInformationProtection",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "logs": {
        "state": "Enabled"
      }
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "MicrosoftPurviewInformationProtection",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "logs": {
        "state": "Enabled"
      }
    }
  }
}

Creates or updates an Office PowerBI data connector

Solicitud de ejemplo

HTTP
dotnet

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5?api-version=2024-01-01-preview

{
  "kind": "OfficePowerBI",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "logs": {
        "state": "Enabled"
      }
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5";
SecurityInsightsDataConnectorData data = new OfficePowerBIDataConnector()
{
    TenantId = Guid.Parse("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
    LogsState = SecurityInsightsDataTypeConnectionState.Enabled,
    ETag = new ETag("\"0300bf09-0000-0000-0000-5c37296e0000\""),
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "OfficePowerBI",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "logs": {
        "state": "Enabled"
      }
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "OfficePowerBI",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "logs": {
        "state": "Enabled"
      }
    }
  }
}

Creates or updates an Office365 data connector

Solicitud de ejemplo

HTTP
dotnet

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5?api-version=2024-01-01-preview

{
  "kind": "Office365",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "sharePoint": {
        "state": "Enabled"
      },
      "exchange": {
        "state": "Enabled"
      },
      "teams": {
        "state": "Enabled"
      }
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5";
SecurityInsightsDataConnectorData data = new SecurityInsightsOfficeDataConnector()
{
    TenantId = Guid.Parse("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
    DataTypes = new SecurityInsightsOfficeDataConnectorDataTypes(new DataConnectorDataTypeCommon(SecurityInsightsDataTypeConnectionState.Enabled), new DataConnectorDataTypeCommon(SecurityInsightsDataTypeConnectionState.Enabled), new DataConnectorDataTypeCommon(SecurityInsightsDataTypeConnectionState.Enabled)),
    ETag = new ETag("\"0300bf09-0000-0000-0000-5c37296e0000\""),
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "Office365",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "sharePoint": {
        "state": "Enabled"
      },
      "exchange": {
        "state": "Enabled"
      },
      "teams": {
        "state": "Enabled"
      }
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "Office365",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "sharePoint": {
        "state": "Enabled"
      },
      "exchange": {
        "state": "Enabled"
      },
      "teams": {
        "state": "Enabled"
      }
    }
  }
}

Creates or updates an Office365 Project data connector

Solicitud de ejemplo

HTTP
dotnet

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5?api-version=2024-01-01-preview

{
  "kind": "Office365Project",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "logs": {
        "state": "Enabled"
      }
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5";
SecurityInsightsDataConnectorData data = new Office365ProjectDataConnector()
{
    TenantId = Guid.Parse("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
    LogsState = SecurityInsightsDataTypeConnectionState.Enabled,
    ETag = new ETag("\"0300bf09-0000-0000-0000-5c37296e0000\""),
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "Office365Project",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "logs": {
        "state": "Enabled"
      }
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "Office365Project",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "logs": {
        "state": "Enabled"
      }
    }
  }
}

Creates or updates an Threat Intelligence Platform data connector

Solicitud de ejemplo

HTTP
dotnet

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5?api-version=2024-01-01-preview

{
  "kind": "ThreatIntelligence",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
    "dataTypes": {
      "indicators": {
        "state": "Enabled"
      }
    }
  }
}

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityInsights.Models;
using Azure.ResourceManager.SecurityInsights;

// Generated from example definition: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json
// this example is just showing the usage of "DataConnectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this OperationalInsightsWorkspaceSecurityInsightsResource created on azure
// for more information of creating OperationalInsightsWorkspaceSecurityInsightsResource, please refer to the document of OperationalInsightsWorkspaceSecurityInsightsResource
string subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0";
string resourceGroupName = "myRg";
string workspaceName = "myWorkspace";
ResourceIdentifier operationalInsightsWorkspaceSecurityInsightsResourceId = OperationalInsightsWorkspaceSecurityInsightsResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, workspaceName);
OperationalInsightsWorkspaceSecurityInsightsResource operationalInsightsWorkspaceSecurityInsights = client.GetOperationalInsightsWorkspaceSecurityInsightsResource(operationalInsightsWorkspaceSecurityInsightsResourceId);

// get the collection of this SecurityInsightsDataConnectorResource
SecurityInsightsDataConnectorCollection collection = operationalInsightsWorkspaceSecurityInsights.GetSecurityInsightsDataConnectors();

// invoke the operation
string dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5";
SecurityInsightsDataConnectorData data = new SecurityInsightsTIDataConnector()
{
    TenantId = Guid.Parse("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
    TipLookbackOn = DateTimeOffset.Parse("2020-01-01T13:00:30.123Z"),
    IndicatorsState = SecurityInsightsDataTypeConnectionState.Enabled,
};
ArmOperation<SecurityInsightsDataConnectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, dataConnectorId, data);
SecurityInsightsDataConnectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityInsightsDataConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "ThreatIntelligence",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
    "dataTypes": {
      "indicators": {
        "state": "Enabled"
      }
    }
  }
}

status code:: 201

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "ThreatIntelligence",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
    "dataTypes": {
      "indicators": {
        "state": "Enabled"
      }
    }
  }
}

Definiciones

Nombre	Description
AADDataConnector	Representa el conector de datos AADIP (Azure Active Directory Identity Protection).
AATPDataConnector	Representa el conector de datos de AATP (Azure Advanced Threat Protection).
Alerts	Tipo de datos de alertas para el conector de datos plataformas de protección contra amenazas de Microsoft.
AlertsDataTypeOfDataConnector	Alerta del tipo de datos para los conectores de datos.
ApiKeyAuthModel	Modelo para la autenticación con la clave de API. Dará como resultado un encabezado adicional en la solicitud (comportamiento predeterminado) en el servidor remoto: "ApiKeyName: ApiKeyIdentifier ApiKey". Si 'IsApiKeyInPostPayload' es true, lo enviará en el cuerpo de la solicitud y no en el encabezado.
ASCDataConnector	Representa el conector de datos de ASC (Azure Security Center).
Availability	Estado de disponibilidad del conector
AvailabilityStatus	Estado de disponibilidad del conector
AWSAuthModel	Modelo para la autenticación de API con AWS.
AwsCloudTrailDataConnector	Representa el conector de datos de Amazon Web Services CloudTrail.
AwsCloudTrailDataConnectorDataTypes	Los tipos de datos disponibles para el conector de datos de Amazon Web Services CloudTrail.
AwsS3DataConnector	Representa el conector de datos de Amazon Web Services S3.
AwsS3DataConnectorDataTypes	Los tipos de datos disponibles para el conector de datos S3 de Amazon Web Services.
BasicAuthModel	Modelo de autenticación de API con flujo básico: nombre de usuario y contraseña.
CcpAuthType	Tipo de paginación
CcpResponseConfig	Una configuración de respuesta personalizada para una regla.
CloudError	Estructura de respuesta de error.
CloudErrorBody	Detalles del error.
CodelessApiPollingDataConnector	Representa el conector de datos de sondeo de API sin código.
CodelessConnectorPollingAuthProperties	Describir las propiedades de autenticación necesarias para autenticarse correctamente con el servidor
CodelessConnectorPollingConfigProperties	Configuración para describir la configuración de sondeo para el conector de sondeo de API
CodelessConnectorPollingPagingProperties	Describir las propiedades necesarias para realizar una llamada de paginación
CodelessConnectorPollingRequestProperties	Describir las propiedades de solicitud necesarias para extraer correctamente del servidor
CodelessConnectorPollingResponseProperties	Describe la respuesta del servidor externo.
CodelessUiConnectorConfigProperties	Configuración para describir la hoja de instrucciones
CodelessUiDataConnector	Representa el conector de datos de interfaz de usuario sin código.
ConnectivityCriteria	Configuración de la conectividad de comprobación del conector
ConnectivityType	tipo de conectividad
createdByType	Tipo de identidad que creó el recurso.
Customs	Permisos aduaneros necesarios para el conector
DataConnectorDataTypeCommon	Campo común para el tipo de datos en conectores de datos.
DataConnectorKind	El tipo del conector de datos
DataTypes	Tipos de datos para comprobar los últimos datos recibidos
DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.
DCRConfiguration	Configuración del destino de los datos.
Dynamics365CdsActivities	Conexión de tipo de datos de Common Data Service.
Dynamics365DataConnector	Representa el conector de datos de Dynamics365.
Dynamics365DataConnectorDataTypes	Los tipos de datos disponibles para el conector de datos de Dynamics365.
Exchange	Conexión de tipo de datos de Exchange.
GCPAuthModel	Modelo de autenticación de API para todos los conectores de tipo GCP.
GCPAuthProperties	Propiedades de la sección de autenticación de Google Cloud Platform.
GCPDataConnector	Representa el conector de datos de Google Cloud Platform.
GCPRequestProperties	Propiedades de la sección de solicitudes de Google Cloud Platform.
GenericBlobSbsAuthModel	Modelo de autenticación de API para trabajar con service bus o cuenta de almacenamiento.
GitHubAuthModel	Modelo de autenticación de API para GitHub. En primer lugar, para esta autenticación es necesario aprobar la aplicación Enrutador (Microsoft Security DevOps) para acceder a la cuenta de GitHub y, a continuación, solo necesitamos installationId para obtener el token de acceso de https://api.github.com/app/installations/{installId}/access_tokens.
GraphQueries	Consulta de grafo para mostrar el estado de datos actual
httpMethodVerb	Método HTTP, valor predeterminado GET.
Incidents	Tipo de datos incidentes para el conector de datos de plataformas de protección contra amenazas de Microsoft.
Indicators	Tipo de datos para la conexión de indicadores.
Instructions	Detalles del paso de instrucción
InstructionSteps	Pasos de instrucción para habilitar el conector
IoTDataConnector	Representa el conector de datos de IoT.
JwtAuthModel	Modelo para la autenticación de API con JWT. Intercambio simple entre el nombre de usuario y la contraseña al token de acceso.
Logs	Registra el tipo de datos.
MCASDataConnector	Representa el conector de datos MCAS (Microsoft Cloud App Security).
MCASDataConnectorDataTypes	Los tipos de datos disponibles para el conector de datos MCAS (Microsoft Cloud App Security).
MDATPDataConnector	Representa el conector de datos MDATP (Protección contra amenazas avanzada de Microsoft Defender).
MicrosoftEmergingThreatFeed	Tipo de datos para el conector de datos plataformas de inteligencia sobre amenazas de Microsoft.
MicrosoftPurviewInformationProtectionConnectorDataTypes	Los tipos de datos disponibles para el conector de datos de Microsoft Purview Information Protection.
MicrosoftPurviewInformationProtectionDataConnector	Representa el conector de datos de Microsoft Purview Information Protection.
MSTIDataConnector	Representa el conector de datos de Inteligencia sobre amenazas de Microsoft.
MSTIDataConnectorDataTypes	Los tipos de datos disponibles para el conector de datos plataformas de inteligencia sobre amenazas de Microsoft.
MTPDataConnector	Representa el conector de datos MTP (Protección contra amenazas de Microsoft).
MTPDataConnectorDataTypes	Los tipos de datos disponibles para el conector de datos plataformas de protección contra amenazas de Microsoft.
MtpFilteredProviders	Representa los proveedores filtrados del conector.
MtpProvider	Los proveedores de datos disponibles.
NoneAuthModel	Modelo de autenticación de API sin método de autenticación: API pública.
OAuthModel	Modelo para la autenticación de API con OAuth2.
Office365ProjectConnectorDataTypes	Los tipos de datos disponibles para el conector de datos de Microsoft Project de Office.
Office365ProjectDataConnector	Representa el conector de datos de Microsoft Project de Office.
OfficeATPDataConnector	Representa el conector de datos officeATP (Protección contra amenazas avanzada de Office 365).
OfficeDataConnector	Representa el conector de datos de office.
OfficeDataConnectorDataTypes	Los tipos de datos disponibles para el conector de datos de Office.
OfficeIRMDataConnector	Representa el conector de datos de OfficeIRM (Administración de riesgos internos de Microsoft).
OfficePowerBIConnectorDataTypes	Los tipos de datos disponibles para el conector de datos de Microsoft PowerBI de Office.
OfficePowerBIDataConnector	Representa el conector de datos de Microsoft PowerBI de Office.
OracleAuthModel	Modelo para la autenticación de API para Oracle.
PermissionProviderScope	Ámbito del proveedor de permisos
Permissions	Permisos necesarios para el conector
PollingFrequency	Frecuencia de sondeo del servidor TAXII.
ProviderName	Nombre del proveedor
RequiredPermissions	Permisos necesarios para el conector
ResourceProvider	Permisos de proveedor de recursos necesarios para el conector
RestApiPollerDataConnector	Representa el conector de datos de rest Api Poller.
RestApiPollerRequestConfig	Configuración de la solicitud.
RestApiPollerRequestPagingConfig	Configuración de paginación de solicitudes.
RestApiPollerRequestPagingKind	Tipo de paginación
SampleQueries	Consultas de ejemplo para el conector
SessionAuthModel	Modelo de autenticación de API con cookie de sesión.
SettingType	El tipo de configuración
SharePoint	Conexión de tipo de datos de SharePoint.
systemData	Metadatos relativos a la creación y última modificación del recurso.
TaxiiClient	Tipo de datos para el conector TAXII.
Teams	Conexión de tipo de datos de Teams.
TIDataConnector	Representa el conector de datos de inteligencia sobre amenazas.
TIDataConnectorDataTypes	Los tipos de datos disponibles para el conector de datos ti (Inteligencia sobre amenazas).
TiTaxiiDataConnector	Conector de datos para extraer datos de inteligencia sobre amenazas del servidor TAXII 2.0/2.1
TiTaxiiDataConnectorDataTypes	Los tipos de datos disponibles para el conector de datos TAXII de Inteligencia sobre amenazas.

AADDataConnector

Object

Representa el conector de datos AADIP (Azure Active Directory Identity Protection).

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: AzureActiveDirectory	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

AATPDataConnector

Object

Representa el conector de datos de AATP (Azure Advanced Threat Protection).

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: AzureAdvancedThreatProtection	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

Alerts

Object

Tipo de datos de alertas para el conector de datos plataformas de protección contra amenazas de Microsoft.

Nombre	Tipo	Description
state	DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.

AlertsDataTypeOfDataConnector

Object

Alerta del tipo de datos para los conectores de datos.

Nombre	Tipo	Description
alerts	DataConnectorDataTypeCommon	Alerta de conexión de tipo de datos.

ApiKeyAuthModel

Object

Modelo para la autenticación con la clave de API. Dará como resultado un encabezado adicional en la solicitud (comportamiento predeterminado) en el servidor remoto: "ApiKeyName: ApiKeyIdentifier ApiKey". Si 'IsApiKeyInPostPayload' es true, lo enviará en el cuerpo de la solicitud y no en el encabezado.

Nombre	Tipo	Description
apiKey	string	Clave de API para la credencial de clave secreta de usuario
apiKeyIdentifier	string	Identificador de clave de API
apiKeyName	string	Nombre de clave de API
isApiKeyInPostPayload	boolean	Marca para indicar si la clave de API está establecida en la carga DE HTTP POST
type	string: APIKey	Tipo de autenticación

ASCDataConnector

Object

Representa el conector de datos de ASC (Azure Security Center).

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: AzureSecurityCenter	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.
properties.subscriptionId	string	Identificador de suscripción al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

Availability

Object

Estado de disponibilidad del conector

Nombre	Tipo	Description
isPreview	boolean	Establecimiento del conector como versión preliminar
status	AvailabilityStatus	Estado de disponibilidad del conector

AvailabilityStatus

Enumeration

Estado de disponibilidad del conector

Valor	Description
1

AWSAuthModel

Object

Modelo para la autenticación de API con AWS.

Nombre	Tipo	Description
externalId	string	AWS STS asume el identificador externo del rol. Esto se usa para evitar el problema adjunto confuso: "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html"
roleArn	string	AWS STS asume el rol ARN
type	string: AWS	Tipo de autenticación

AwsCloudTrailDataConnector

Object

Representa el conector de datos de Amazon Web Services CloudTrail.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: AmazonWebServicesCloudTrail	Tipo de conector de datos
name	string	Nombre del recurso
properties.awsRoleArn	string	Aws Role Arn (con la directiva CloudTrailReadOnly) que se usa para acceder a la cuenta de Aws.
properties.dataTypes	AwsCloudTrailDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

AwsCloudTrailDataConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos de Amazon Web Services CloudTrail.

Nombre	Tipo	Description
logs	Logs	Registra el tipo de datos.

AwsS3DataConnector

Object

Representa el conector de datos de Amazon Web Services S3.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: AmazonWebServicesS3	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	AwsS3DataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.destinationTable	string	El nombre de la tabla de destino de registros en LogAnalytics.
properties.roleArn	string	Aws Role Arn que se usa para acceder a la cuenta de Aws.
properties.sqsUrls	string[]	Direcciones URL de AWS sqs para el conector.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

AwsS3DataConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos S3 de Amazon Web Services.

Nombre	Tipo	Description
logs	Logs	Registra el tipo de datos.

BasicAuthModel

Object

Modelo de autenticación de API con flujo básico: nombre de usuario y contraseña.

Nombre	Tipo	Description
password	string	La contraseña
type	string: Basic	Tipo de autenticación
userName	string	Nombre de usuario.

CcpAuthType

Enumeration

Tipo de paginación

Valor	Description
APIKey
AWS
Basic
GCP
GitHub
JwtToken
None
OAuth2
Oracle
ServiceBus
Session

CcpResponseConfig

Object

Una configuración de respuesta personalizada para una regla.

Nombre	Tipo	Valor predeterminado	Description
compressionAlgo	string		Algoritmo de compresión.
convertChildPropertiesToArray	boolean		Valor que indica si la respuesta no es una matriz de eventos o registros. Al establecer esta marca en true significa que el servidor remoto responde con un objeto que cada propiedad tiene como valor una matriz de eventos o registros.
csvDelimiter	string		El delimitador csv, en caso de que el formato de respuesta sea CSV.
csvEscape	string	"	Th character used to escape characters in CSV.
eventsJsonPaths	string[]		Las rutas de acceso json, '$' char son la raíz json.
format	string	json	Formato de respuesta. los valores posibles son json,csv,xml
hasCsvBoundary	boolean		Valor que indica si la respuesta tiene límites CSV en caso de que la respuesta tenga formato CSV.
hasCsvHeader	boolean		Valor que indica si la respuesta tiene encabezados en caso de que la respuesta tenga formato CSV.
isGzipCompressed	boolean		Valor que indica si el servidor remoto admite Gzip y deberíamos esperar la respuesta Gzip.
successStatusJsonPath	string		Valor en el que el mensaje o código de estado debe aparecer en la respuesta.
successStatusValue	string		Valor de estado.

CloudError

Object

Estructura de respuesta de error.

Nombre	Tipo	Description
error	CloudErrorBody	Datos de error

CloudErrorBody

Object

Detalles del error.

Nombre	Tipo	Description
code	string	Identificador del error. Los códigos son invariables y están diseñados para consumirse mediante programación.
message	string	Mensaje que describe el error, diseñado para ser adecuado para mostrarse en una interfaz de usuario.

CodelessApiPollingDataConnector

Object

Representa el conector de datos de sondeo de API sin código.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: APIPolling	Tipo de conector de datos
name	string	Nombre del recurso
properties.connectorUiConfig	CodelessUiConnectorConfigProperties	Configuración para describir la hoja de instrucciones
properties.pollingConfig	CodelessConnectorPollingConfigProperties	Configuración para describir las instrucciones de sondeo
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

CodelessConnectorPollingAuthProperties

Object

Describir las propiedades de autenticación necesarias para autenticarse correctamente con el servidor

Nombre	Tipo	Description
apiKeyIdentifier	string	Envío de prefijo en el encabezado antes del token real
apiKeyName	string	Nombre de encabezado con el que se envía el token
authType	string	El tipo de autenticación
authorizationEndpoint	string	Punto de conexión que se usa para autorizar al usuario, que se usa en el flujo de Oauth 2.0
authorizationEndpointQueryParameters	object	Los parámetros de consulta usados en la solicitud de autorización, usados en el flujo de Oauth 2.0
flowName	string	Describe el nombre del flujo, por ejemplo , "AuthCode" para Oauth 2.0.
isApiKeyInPostPayload	string	Marca si la clave debe enviarse en el encabezado
isClientSecretInHeader	boolean	Marca si debemos enviar el secreto de cliente en el encabezado o la carga útil, que se usa en el flujo de Oauth 2.0.
redirectionEndpoint	string	El punto de conexión de redireccionamiento donde obtendremos el código de autorización, que se usa en el flujo de Oauth 2.0.
scope	string	Ámbito del token de OAuth
tokenEndpoint	string	Punto de conexión que se usa para emitir un token, que se usa en el flujo de Oauth 2.0
tokenEndpointHeaders	object	Los encabezados de consulta usados en la solicitud de token, usados en el flujo de Oauth 2.0
tokenEndpointQueryParameters	object	Los parámetros de consulta usados en la solicitud de token, usados en el flujo de Oauth 2.0

CodelessConnectorPollingConfigProperties

Object

Configuración para describir la configuración de sondeo para el conector de sondeo de API

Nombre	Tipo	Description
auth	CodelessConnectorPollingAuthProperties	Describir el tipo de autenticación del sondeo
isActive	boolean	Estado activo del sondeo
paging	CodelessConnectorPollingPagingProperties	Describir la configuración de paginación de la solicitud de sondeo del sondeo
request	CodelessConnectorPollingRequestProperties	Describir los parámetros de configuración de solicitud de sondeo del sondeo
response	CodelessConnectorPollingResponseProperties	Describir los parámetros de configuración de respuesta del sondeo

CodelessConnectorPollingPagingProperties

Object

Describir las propiedades necesarias para realizar una llamada de paginación

Nombre	Tipo	Description
nextPageParaName	string	Define el nombre de un atributo de página siguiente.
nextPageTokenJsonPath	string	Define la ruta de acceso a un json de token de página siguiente.
pageCountAttributePath	string	Define la ruta de acceso a un atributo de recuento de páginas.
pageSize	integer	Define el tamaño de paginación.
pageSizeParaName	string	Define el nombre del parámetro de tamaño de página.
pageTimeStampAttributePath	string	Define la ruta de acceso a un atributo de marca de tiempo de paginación.
pageTotalCountAttributePath	string	Define la ruta de acceso a un atributo de recuento total de páginas
pagingType	string	Describe el tipo. podría ser 'None', 'PageToken', 'PageCount', 'TimeStamp'
searchTheLatestTimeStampFromEventsList	string	Determina si se va a buscar la marca de tiempo más reciente en la lista de eventos.

CodelessConnectorPollingRequestProperties

Object

Describir las propiedades de solicitud necesarias para extraer correctamente del servidor

Nombre	Tipo	Description
apiEndpoint	string	Describir el punto de conexión del que debemos extraer los datos
endTimeAttributeName	string	Se usarán los eventos de consulta desde el final del período de tiempo.
headers	object	Describir los encabezados enviados en la solicitud de sondeo
httpMethod	string	El tipo de método http que usaremos en la solicitud de sondeo, GET o POST
queryParameters	object	Describir los parámetros de consulta enviados en la solicitud de sondeo
queryParametersTemplate	string	Para escenarios avanzados, por ejemplo, el nombre de usuario o la contraseña insertados en la carga JSON anidada
queryTimeFormat	string	El formato de hora se usará los eventos de consulta en una ventana específica.
queryWindowInMin	integer	El intervalo de ventana usaremos la extracción de los datos.
rateLimitQps	integer	Define el límite de velocidad QPS.
retryCount	integer	Describir la cantidad de tiempo que debemos probar y sondear los datos en caso de error
startTimeAttributeName	string	Se usarán los eventos de consulta desde un inicio del período de tiempo.
timeoutInSeconds	integer	El número de segundos que consideraremos como tiempo de espera de solicitud

CodelessConnectorPollingResponseProperties

Object

Describe la respuesta del servidor externo.

Nombre	Tipo	Description
eventsJsonPaths	string[]	Describe la ruta de acceso que debemos extraer los datos en la respuesta.
isGzipCompressed	boolean	Describe si los datos de la respuesta son Gzip.
successStatusJsonPath	string	Describe la ruta de acceso que debemos extraer el código de estado en la respuesta.
successStatusValue	string	Describe la ruta de acceso que debemos extraer el valor de estado en la respuesta.

CodelessUiConnectorConfigProperties

Object

Configuración para describir la hoja de instrucciones

Nombre	Tipo	Description
availability	Availability	Estado de disponibilidad del conector
connectivityCriteria	ConnectivityCriteria[]	Definición de la forma en que el conector comprueba la conectividad
customImage	string	Imagen personalizada opcional que se va a usar al mostrar el conector en la galería del conector de Azure Sentinel
dataTypes	DataTypes[]	Tipos de datos para comprobar los últimos datos recibidos
descriptionMarkdown	string	Descripción del conector
graphQueries	GraphQueries[]	Consulta de grafo para mostrar el estado de datos actual
graphQueriesTableName	string	Nombre de la tabla en la que el conector insertará los datos.
instructionSteps	InstructionSteps[]	Pasos de instrucción para habilitar el conector
permissions	Permissions	Permisos necesarios para el conector
publisher	string	Nombre del publicador del conector
sampleQueries	SampleQueries[]	Consultas de ejemplo para el conector
title	string	Título de la hoja conector

CodelessUiDataConnector

Object

Representa el conector de datos de interfaz de usuario sin código.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: GenericUI	Tipo de conector de datos
name	string	Nombre del recurso
properties.connectorUiConfig	CodelessUiConnectorConfigProperties	Configuración para describir la hoja de instrucciones
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

ConnectivityCriteria

Object

Configuración de la conectividad de comprobación del conector

Nombre	Tipo	Description
type	ConnectivityType	tipo de conectividad
value	string[]	Consultas para comprobar la conectividad

ConnectivityType

Enumeration

tipo de conectividad

Valor	Description
IsConnectedQuery

createdByType

Enumeration

Tipo de identidad que creó el recurso.

Valor	Description
Application
Key
ManagedIdentity
User

Customs

Object

Permisos aduaneros necesarios para el conector

Nombre	Tipo	Description
description	string	Descripción de los permisos aduaneros
name	string	Nombre de los permisos aduaneros

DataConnectorDataTypeCommon

Object

Campo común para el tipo de datos en conectores de datos.

Nombre	Tipo	Description
state	DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.

DataConnectorKind

Enumeration

El tipo del conector de datos

Valor	Description
APIPolling
AmazonWebServicesCloudTrail
AmazonWebServicesS3
AzureActiveDirectory
AzureAdvancedThreatProtection
AzureSecurityCenter
Dynamics365
GCP
GenericUI
IOT
MicrosoftCloudAppSecurity
MicrosoftDefenderAdvancedThreatProtection
MicrosoftPurviewInformationProtection
MicrosoftThreatIntelligence
MicrosoftThreatProtection
Office365
Office365Project
OfficeATP
OfficeIRM
OfficePowerBI
RestApiPoller
ThreatIntelligence
ThreatIntelligenceTaxii

DataTypes

Object

Tipos de datos para comprobar los últimos datos recibidos

Nombre	Tipo	Description
lastDataReceivedQuery	string	Consulta para indicar los últimos datos recibidos
name	string	Nombre del tipo de datos que se va a mostrar en el gráfico. se puede usar con el marcador de posición {{graphQueriesTableName}}

DataTypeState

Enumeration

Describir si esta conexión de tipo de datos está habilitada o no.

Valor	Description
Disabled
Enabled

DCRConfiguration

Object

Configuración del destino de los datos.

Nombre	Tipo	Description
dataCollectionEndpoint	string	Representa el punto de conexión de ingesta de recopilación de datos en Log Analytics.
dataCollectionRuleImmutableId	string	El identificador inmutable de la regla de recopilación de datos, la regla define la transformación y el destino de los datos.
streamName	string	Secuencia a la que se envían los datos.

Dynamics365CdsActivities

Object

Conexión de tipo de datos de Common Data Service.

Nombre	Tipo	Description
state	DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.

Dynamics365DataConnector

Object

Representa el conector de datos de Dynamics365.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: Dynamics365	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	Dynamics365DataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

Dynamics365DataConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos de Dynamics365.

Nombre	Tipo	Description
dynamics365CdsActivities	Dynamics365CdsActivities	Conexión de tipo de datos de Common Data Service.

Exchange

Object

Conexión de tipo de datos de Exchange.

Nombre	Tipo	Description
state	DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.

GCPAuthModel

Object

Modelo de autenticación de API para todos los conectores de tipo GCP.

Nombre	Tipo	Description
projectNumber	string	Número de proyecto de GCP
serviceAccountEmail	string	Correo electrónico de cuenta de servicio de GCP
type	string: GCP	Tipo de autenticación
workloadIdentityProviderId	string	Identificador del proveedor de identidades de carga de trabajo de GCP

GCPAuthProperties

Object

Propiedades de la sección de autenticación de Google Cloud Platform.

Nombre	Tipo	Description
projectNumber	string	Número de proyecto de GCP.
serviceAccountEmail	string	La cuenta de servicio que se usa para acceder al proyecto de GCP.
workloadIdentityProviderId	string	Identificador del proveedor de identidades de carga de trabajo que se usa para obtener acceso al proyecto de GCP.

GCPDataConnector

Object

Representa el conector de datos de Google Cloud Platform.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: GCP	Tipo de conector de datos
name	string	Nombre del recurso
properties.auth	GCPAuthProperties	Sección de autenticación del conector.
properties.connectorDefinitionName	string	Nombre de la definición del conector que representa la configuración de la interfaz de usuario.
properties.dcrConfig	DCRConfiguration	Configuración del destino de los datos.
properties.request	GCPRequestProperties	Sección de solicitud del conector.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

GCPRequestProperties

Object

Propiedades de la sección de solicitudes de Google Cloud Platform.

Nombre	Tipo	Description
projectId	string	Identificador del proyecto de GCP.
subscriptionNames	string[]	Nombres de suscripción de publicación o suscripción de GCP.

GenericBlobSbsAuthModel

Object

Modelo de autenticación de API para trabajar con service bus o cuenta de almacenamiento.

Nombre	Tipo	Description
credentialsConfig	object	Credenciales para el espacio de nombres de Service Bus, el URI de keyvault para la clave de acceso
storageAccountCredentialsConfig	object	Credenciales para la cuenta de almacenamiento, el URI de keyvault para la clave de acceso
type	string: ServiceBus	Tipo de autenticación

GitHubAuthModel

Object

Modelo de autenticación de API para GitHub. En primer lugar, para esta autenticación es necesario aprobar la aplicación Enrutador (Microsoft Security DevOps) para acceder a la cuenta de GitHub y, a continuación, solo necesitamos installationId para obtener el token de acceso de https://api.github.com/app/installations/{installId}/access_tokens.

Nombre	Tipo	Description
installationId	string	Identificador de instalación de autenticación de GitHubApp.
type	string: GitHub	Tipo de autenticación

GraphQueries

Object

Consulta de grafo para mostrar el estado de datos actual

Nombre	Tipo	Description
baseQuery	string	La consulta base del gráfico
legend	string	Leyenda del gráfico
metricName	string	la métrica que comprueba la consulta.

httpMethodVerb

Enumeration

Método HTTP, valor predeterminado GET.

Valor	Description
DELETE
GET
POST
PUT

Incidents

Object

Tipo de datos incidentes para el conector de datos de plataformas de protección contra amenazas de Microsoft.

Nombre	Tipo	Description
state	DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.

Indicators

Object

Tipo de datos para la conexión de indicadores.

Nombre	Tipo	Description
state	DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.

Instructions

Object

Detalles del paso de instrucción

Nombre	Tipo	Description
parameters	object	Parámetros de la configuración
type	SettingType	El tipo de configuración

InstructionSteps

Object

Pasos de instrucción para habilitar el conector

Nombre	Tipo	Description
description	string	Descripción del paso de instrucción
instructions	Instructions[]	Detalles del paso de instrucción
title	string	Título del paso de instrucción

IoTDataConnector

Object

Representa el conector de datos de IoT.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: IOT	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.
properties.subscriptionId	string	Identificador de suscripción al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

JwtAuthModel

Object

Modelo para la autenticación de API con JWT. Intercambio simple entre el nombre de usuario y la contraseña al token de acceso.

Nombre	Tipo	Valor predeterminado	Description
headers	object		Los encabezados personalizados que queremos agregar una vez que se envía la solicitud al punto de conexión del token.
isCredentialsInHeaders	boolean		Marca que indica si queremos enviar el nombre de usuario y la contraseña al punto de conexión de token en los encabezados.
isJsonRequest	boolean	False	Marca que indica si la solicitud del cuerpo es JSON (encabezado Content-Type = application/json), lo que significa que es una solicitud codificada con dirección URL de formulario (encabezado Content-Type = application/x-www-form-urlencoded).
password	object		La contraseña
queryParameters	object		El parámetro de consulta personalizado que queremos agregar una vez que se envía la solicitud al punto de conexión del token.
requestTimeoutInSeconds	integer	100	Tiempo de espera de la solicitud en segundos.
tokenEndpoint	string		Punto de conexión de token para solicitar JWT
type	string: JwtToken		Tipo de autenticación
userName	object		Nombre de usuario. Si el nombre de usuario y la contraseña enviados en la solicitud de encabezado solo es necesario rellenar la propiedad `value` con el nombre de usuario (igual que la autenticación básica). Si el nombre de usuario y la contraseña enviados en la solicitud del cuerpo es necesario especificar el `Key` y `Value`.

Logs

Object

Registra el tipo de datos.

Nombre	Tipo	Description
state	DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.

MCASDataConnector

Object

Representa el conector de datos MCAS (Microsoft Cloud App Security).

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: MicrosoftCloudAppSecurity	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	MCASDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

MCASDataConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos MCAS (Microsoft Cloud App Security).

Nombre	Tipo	Description
alerts	DataConnectorDataTypeCommon	Alerta de conexión de tipo de datos.
discoveryLogs	DataConnectorDataTypeCommon	Conexión de tipo de datos de registro de detección.

MDATPDataConnector

Object

Representa el conector de datos MDATP (Protección contra amenazas avanzada de Microsoft Defender).

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: MicrosoftDefenderAdvancedThreatProtection	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

MicrosoftEmergingThreatFeed

Object

Tipo de datos para el conector de datos plataformas de inteligencia sobre amenazas de Microsoft.

Nombre	Tipo	Description
lookbackPeriod	string	Período de búsqueda para la fuente que se va a importar.
state	DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.

MicrosoftPurviewInformationProtectionConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos de Microsoft Purview Information Protection.

Nombre	Tipo	Description
logs	Logs	Registra el tipo de datos.

MicrosoftPurviewInformationProtectionDataConnector

Object

Representa el conector de datos de Microsoft Purview Information Protection.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: MicrosoftPurviewInformationProtection	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	MicrosoftPurviewInformationProtectionConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

MSTIDataConnector

Object

Representa el conector de datos de Inteligencia sobre amenazas de Microsoft.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: MicrosoftThreatIntelligence	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	MSTIDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

MSTIDataConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos plataformas de inteligencia sobre amenazas de Microsoft.

Nombre	Tipo	Description
microsoftEmergingThreatFeed	MicrosoftEmergingThreatFeed	Tipo de datos para el conector de datos plataformas de inteligencia sobre amenazas de Microsoft.

MTPDataConnector

Object

Representa el conector de datos MTP (Protección contra amenazas de Microsoft).

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: MicrosoftThreatProtection	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	MTPDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.filteredProviders	MtpFilteredProviders	Los proveedores filtrados disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

MTPDataConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos plataformas de protección contra amenazas de Microsoft.

Nombre	Tipo	Description
alerts	Alerts	Tipo de datos de alertas para el conector de datos plataformas de protección contra amenazas de Microsoft.
incidents	Incidents	Tipo de datos incidentes para el conector de datos de plataformas de protección contra amenazas de Microsoft.

MtpFilteredProviders

Object

Representa los proveedores filtrados del conector.

Nombre	Tipo	Description
alerts	MtpProvider[]	Alertas de proveedores filtrados. Cuando no se aplican filtros, todas las alertas se transmitirán a través de la canalización MTP, aún en versión preliminar privada para todos los productos EXCEPT MDA y MDI, que están en estado ga.

MtpProvider

Enumeration

Los proveedores de datos disponibles.

Valor	Description
microsoftDefenderForCloudApps
microsoftDefenderForIdentity

NoneAuthModel

Object

Modelo de autenticación de API sin método de autenticación: API pública.

Nombre	Tipo	Description
type	string: None	Tipo de autenticación

OAuthModel

Object

Modelo para la autenticación de API con OAuth2.

Nombre	Tipo	Valor predeterminado	Description
accessTokenPrepend	string		Anteponer el token de acceso. El valor predeterminado es "Bearer".
authorizationCode	string		Código de autorización del usuario.
authorizationEndpoint	string		Punto de conexión de autorización.
authorizationEndpointHeaders	object		Encabezados del punto de conexión de autorización.
authorizationEndpointQueryParameters	object		Parámetros de consulta del punto de conexión de autorización.
clientId	string		Identificador de aplicación (cliente) que el proveedor de OAuth asignó a la aplicación.
clientSecret	string		Secreto de aplicación (cliente) que el proveedor de OAuth asignó a la aplicación.
grantType	string		El tipo de concesión, normalmente será "código de autorización".
isCredentialsInHeaders	boolean	False	Indica si queremos enviar clientId y clientSecret al punto de conexión del token en los encabezados.
isJwtBearerFlow	boolean		Valor que indica si es un flujo JWT.
redirectUri	string		Dirección URL de redirección de la aplicación que el usuario config en el proveedor de OAuth.
scope	string		Ámbito de aplicación (cliente) que el proveedor de OAuth asignó a la aplicación.
tokenEndpoint	string		Punto de conexión del token. Define el token de actualización de OAuth2.
tokenEndpointHeaders	object		Encabezados de punto de conexión de token.
tokenEndpointQueryParameters	object		Parámetros de consulta del punto de conexión de token.
type	string: OAuth2		Tipo de autenticación

Office365ProjectConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos de Microsoft Project de Office.

Nombre	Tipo	Description
logs	Logs	Registra el tipo de datos.

Office365ProjectDataConnector

Object

Representa el conector de datos de Microsoft Project de Office.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: Office365Project	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	Office365ProjectConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

OfficeATPDataConnector

Object

Representa el conector de datos officeATP (Protección contra amenazas avanzada de Office 365).

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: OfficeATP	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

OfficeDataConnector

Object

Representa el conector de datos de office.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: Office365	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	OfficeDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

OfficeDataConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos de Office.

Nombre	Tipo	Description
exchange	Exchange	Conexión de tipo de datos de Exchange.
sharePoint	SharePoint	Conexión de tipo de datos de SharePoint.
teams	Teams	Conexión de tipo de datos de Teams.

OfficeIRMDataConnector

Object

Representa el conector de datos de OfficeIRM (Administración de riesgos internos de Microsoft).

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: OfficeIRM	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	AlertsDataTypeOfDataConnector	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

OfficePowerBIConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos de Microsoft PowerBI de Office.

Nombre	Tipo	Description
logs	Logs	Registra el tipo de datos.

OfficePowerBIDataConnector

Object

Representa el conector de datos de Microsoft PowerBI de Office.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: OfficePowerBI	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	OfficePowerBIConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

OracleAuthModel

Object

Modelo para la autenticación de API para Oracle.

Nombre	Tipo	Description
pemFile	string	Contenido del archivo PRM
publicFingerprint	string	Huella digital pública
tenantId	string	Identificador de inquilino de Oracle
type	string: Oracle	Tipo de autenticación
userId	string	Identificador de usuario de Oracle

PermissionProviderScope

Enumeration

Ámbito del proveedor de permisos

Valor	Description
ResourceGroup
Subscription
Workspace

Permissions

Object

Permisos necesarios para el conector

Nombre	Tipo	Description
customs	Customs[]	Permisos aduaneros necesarios para el conector
resourceProvider	ResourceProvider[]	Permisos de proveedor de recursos necesarios para el conector

PollingFrequency

Enumeration

Frecuencia de sondeo del servidor TAXII.

Valor	Description
OnceADay	Una vez al día
OnceAMinute	Una vez por minuto
OnceAnHour	Una vez por hora

ProviderName

Enumeration

Nombre del proveedor

Valor	Description
Microsoft.Authorization/policyAssignments
Microsoft.OperationalInsights/solutions
Microsoft.OperationalInsights/workspaces
Microsoft.OperationalInsights/workspaces/datasources
Microsoft.OperationalInsights/workspaces/sharedKeys
microsoft.aadiam/diagnosticSettings

RequiredPermissions

Object

Permisos necesarios para el conector

Nombre	Tipo	Description
action	boolean	permiso de acción
delete	boolean	eliminar permiso
read	boolean	permiso de lectura
write	boolean	permiso de escritura

ResourceProvider

Object

Permisos de proveedor de recursos necesarios para el conector

Nombre	Tipo	Description
permissionsDisplayText	string	Texto de descripción del permiso
provider	ProviderName	Nombre del proveedor
providerDisplayName	string	Nombre para mostrar del proveedor de permisos
requiredPermissions	RequiredPermissions	Permisos necesarios para el conector
scope	PermissionProviderScope	Ámbito del proveedor de permisos

RestApiPollerDataConnector

Object

Representa el conector de datos de rest Api Poller.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: RestApiPoller	Tipo de conector de datos
name	string	Nombre del recurso
properties.addOnAttributes	object	El complemento de atributos. El nombre de clave se convertirá en nombre de atributo (una columna) y el valor se convertirá en el valor de atributo de la carga.
properties.auth	CcpAuthConfig: AWSAuthModel ApiKeyAuthModel BasicAuthModel GCPAuthModel GenericBlobSbsAuthModel GitHubAuthModel JwtAuthModel NoneAuthModel OAuthModel OracleAuthModel SessionAuthModel	Modelo de autenticación.
properties.connectorDefinitionName	string	El nombre de la definición del conector (el identificador de recurso dataConnectorDefinition).
properties.dataType	string	Destino de la tabla de Log Analytics.
properties.dcrConfig	DCRConfiguration	Propiedades relacionadas con DCR.
properties.isActive	boolean	Indica si el conector está activo o no.
properties.paging	RestApiPollerRequestPagingConfig	Configuración de paginación.
properties.request	RestApiPollerRequestConfig	Configuración de la solicitud.
properties.response	CcpResponseConfig	Configuración de respuesta.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

RestApiPollerRequestConfig

Object

Configuración de la solicitud.

Nombre	Tipo	Description
apiEndpoint	string	Punto de conexión de API.
endTimeAttributeName	string	Nombre del parámetro de consulta que el servidor remoto espera finalizar la consulta. Esta propiedad va de la mano con `startTimeAttributeName`
headers	object	Encabezado de la solicitud del servidor remoto.
httpMethod	httpMethodVerb	Método HTTP, valor predeterminado GET.
isPostPayloadJson	boolean	Marca para indicar si la carga DE HTTP POST está en formato JSON (frente a form-urlencoded).
queryParameters		Parámetros de consulta HTTP para LA API RESTful.
queryParametersTemplate	string	plantilla de parámetros de consulta. Define la plantilla de parámetros de consulta que se va a usar al pasar parámetros de consulta en escenarios avanzados.
queryTimeFormat	string	Formato de hora de consulta. Un servidor remoto puede tener una consulta para extraer datos del intervalo "start" al "end". Esta propiedad indica cuál es el formato de hora esperado que el servidor remoto sabe analizar.
queryTimeIntervalAttributeName	string	El nombre del parámetro de consulta que necesitamos enviar al servidor para los registros de consulta en el intervalo de tiempo. Debe definirse con `queryTimeIntervalPrepend` y `queryTimeIntervalDelimiter`
queryTimeIntervalDelimiter	string	Cadena delimitador entre 2 QueryTimeFormat en el parámetro de consulta `queryTimeIntervalAttributeName`.
queryTimeIntervalPrepend	string	Cadena antepone al valor del parámetro de consulta en `queryTimeIntervalAttributeName`.
queryWindowInMin	integer	Ventana de consulta en minutos para la solicitud.
rateLimitQPS	integer	Consultas de límite de velocidad por segundo para la solicitud.
retryCount	integer	Recuento de reintentos.
startTimeAttributeName	string	Nombre del parámetro de consulta que el servidor remoto espera iniciar la consulta. Esta propiedad va de la mano con `endTimeAttributeName`.
timeoutInSeconds	integer	Tiempo de espera en segundos.

RestApiPollerRequestPagingConfig

Object

Configuración de paginación de solicitudes.

Nombre	Tipo	Description
pageSize	integer	Tamaño de página
pageSizeParameterName	string	Nombre del parámetro de tamaño de página
pagingType	RestApiPollerRequestPagingKind	Tipo de paginación

RestApiPollerRequestPagingKind

Enumeration

Tipo de paginación

Valor	Description
CountBasedPaging
LinkHeader
NextPageToken
NextPageUrl
Offset
PersistentLinkHeader
PersistentToken

SampleQueries

Object

Consultas de ejemplo para el conector

Nombre	Tipo	Description
description	string	Descripción de la consulta de ejemplo
query	string	la consulta de ejemplo

SessionAuthModel

Object

Modelo de autenticación de API con cookie de sesión.

Nombre	Tipo	Description
headers	object	Encabezados de solicitud HTTP al punto de conexión de servicio de sesión.
isPostPayloadJson	boolean	Indica si la clave de API está establecida en la carga de HTTP POST.
password	object	Nombre del atributo password.
queryParameters		Parámetros de consulta al punto de conexión de servicio de sesión.
sessionIdName	string	Nombre del atributo id de sesión del encabezado de respuesta HTTP.
sessionLoginRequestUri	string	Dirección URL de solicitud HTTP al punto de conexión de servicio de sesión.
sessionTimeoutInMinutes	integer	Tiempo de espera de sesión en minutos.
type	string: Session	Tipo de autenticación
userName	object	Valor de clave de atributo de nombre de usuario.

SettingType

Enumeration

El tipo de configuración

Valor	Description
CopyableLabel
InfoMessage
InstructionStepsGroup

SharePoint

Object

Conexión de tipo de datos de SharePoint.

Nombre	Tipo	Description
state	DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.

systemData

Object

Metadatos relativos a la creación y última modificación del recurso.

Nombre	Tipo	Description
createdAt	string	Marca de tiempo de creación de recursos (UTC).
createdBy	string	Identidad que creó el recurso.
createdByType	createdByType	Tipo de identidad que creó el recurso.
lastModifiedAt	string	Marca de tiempo de la última modificación del recurso (UTC)
lastModifiedBy	string	Identidad que modificó por última vez el recurso.
lastModifiedByType	createdByType	Tipo de identidad que modificó por última vez el recurso.

TaxiiClient

Object

Tipo de datos para el conector TAXII.

Nombre	Tipo	Description
state	DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.

Teams

Object

Conexión de tipo de datos de Teams.

Nombre	Tipo	Description
state	DataTypeState	Describir si esta conexión de tipo de datos está habilitada o no.

TIDataConnector

Object

Representa el conector de datos de inteligencia sobre amenazas.

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: ThreatIntelligence	Tipo de conector de datos
name	string	Nombre del recurso
properties.dataTypes	TIDataConnectorDataTypes	Los tipos de datos disponibles para el conector.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
properties.tipLookbackPeriod	string	Período de búsqueda para la fuente que se va a importar.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

TIDataConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos ti (Inteligencia sobre amenazas).

Nombre	Tipo	Description
indicators	Indicators	Tipo de datos para la conexión de indicadores.

TiTaxiiDataConnector

Object

Conector de datos para extraer datos de inteligencia sobre amenazas del servidor TAXII 2.0/2.1

Nombre	Tipo	Description
etag	string	Etag del recurso de Azure
id	string	Identificador de recurso completo para el recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string: ThreatIntelligenceTaxii	Tipo de conector de datos
name	string	Nombre del recurso
properties.collectionId	string	Identificador de colección del servidor TAXII.
properties.dataTypes	TiTaxiiDataConnectorDataTypes	Los tipos de datos disponibles para el conector de datos TAXII de Inteligencia sobre amenazas.
properties.friendlyName	string	Nombre descriptivo del servidor TAXII.
properties.password	string	Contraseña del servidor TAXII.
properties.pollingFrequency	PollingFrequency	Frecuencia de sondeo del servidor TAXII.
properties.taxiiLookbackPeriod	string	Período de búsqueda para el servidor TAXII.
properties.taxiiServer	string	Raíz de la API para el servidor TAXII.
properties.tenantId	string	Identificador de inquilino al que conectarse y obtener los datos.
properties.userName	string	UserName para el servidor TAXII.
properties.workspaceId	string	Identificador del área de trabajo.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información createdBy y modifiedBy.
type	string	Tipo del recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

TiTaxiiDataConnectorDataTypes

Object

Los tipos de datos disponibles para el conector de datos TAXII de Inteligencia sobre amenazas.

Nombre	Tipo	Description
taxiiClient	TaxiiClient	Tipo de datos para el conector TAXII.

Compartir a través de

Data Connectors - Create Or Update

Parámetros de identificador URI

Cuerpo de la solicitud

AADDataConnector

AATPDataConnector

ASCDataConnector

AwsCloudTrailDataConnector

AwsS3DataConnector

CodelessApiPollingDataConnector

CodelessUiDataConnector

Dynamics365DataConnector

GCPDataConnector

IoTDataConnector

MCASDataConnector

MDATPDataConnector

MicrosoftPurviewInformationProtectionDataConnector

MSTIDataConnector

MTPDataConnector

Office365ProjectDataConnector

OfficeATPDataConnector

OfficeDataConnector

OfficeIRMDataConnector

OfficePowerBIDataConnector

RestApiPollerDataConnector

TIDataConnector

TiTaxiiDataConnector

Respuestas

Seguridad

azure_auth

Ámbitos

Ejemplos

Creates or updates a APIPolling data connector

Solicitud de ejemplo

Respuesta de muestra

Creates or updates a Dynamics365 data connector.

Solicitud de ejemplo

Respuesta de muestra

Creates or updates a GCP data connector

Solicitud de ejemplo

Respuesta de muestra

Creates or updates a GenericUI data connector

Solicitud de ejemplo

Respuesta de muestra

Creates or updates a Microsoft Threat Intelligence data connector.

Solicitud de ejemplo

Respuesta de muestra

Creates or updates a MicrosoftThreatProtection data connector

Solicitud de ejemplo

Respuesta de muestra

Creates or updates a Threat Intelligence Taxii data connector.

Solicitud de ejemplo

Respuesta de muestra

Creates or updates an MicrosoftPurviewInformationProtection data connector

Solicitud de ejemplo

Respuesta de muestra

Creates or updates an Office PowerBI data connector

Solicitud de ejemplo

Respuesta de muestra

Creates or updates an Office365 data connector

Solicitud de ejemplo

Respuesta de muestra

Creates or updates an Office365 Project data connector

Solicitud de ejemplo

Respuesta de muestra

Creates or updates an Threat Intelligence Platform data connector

Solicitud de ejemplo

Respuesta de muestra

Definiciones

AADDataConnector

AATPDataConnector

Alerts

AlertsDataTypeOfDataConnector

ApiKeyAuthModel

ASCDataConnector

Availability

AvailabilityStatus

AWSAuthModel

AwsCloudTrailDataConnector

AwsCloudTrailDataConnectorDataTypes